OWASP Top 10 Security Risks for 2010 mapped to Klocwork Java checkers


See also Java checker reference.

| OWASP Risk ID | Klocwork Checker Code | Description |
|---|---|---|
| A1 | SV.DATA.BOUND | Untrusted Data leaks into trusted storage |
| A1 | SV.DATA.DB | Data injection |
| A1 | SV.EXEC | Process Injection |
| A1 | SV.PATH.INJ | File injection |
| A1 | SV.SQL | SQL Injection |
| A1 | SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements |
| A2 | SV.XSS.DB | Cross Site Scripting (Stored XSS) |
| A2 | SV.XSS.REF | Cross Site Scripting (Reflected XSS) |
| A3 | SV.EXEC.DIR | Process Injection. Working Directory |
| A3 | SV.EXEC.ENV | Process Injection. Environment Variables |
| A3 | SV.LDAP | Unvalidated user input is used as LDAP filter |
| A3 | SV.TMPFILE | Temporary file path tampering |
| A4 | SV.PATH | Path and file name injection |
| A6 | ECC.EMPTY | Tainted data |
| A6 | EXC.BROADTHROWS | Method has an overly broad throws declaration |
| A6 | JD.CATCH | Catching runtime exception |
| A6 | JD.FINRET | Return inside finally |
| A6 | JD.UNCAUGHT | Uncaught exception |
| A6 | SV.IL.DEV | Design information leakage |
| A6 | SV.IL.FILE | File Name Leaking |
| A6 | UMC.SYSERR | Debug print using System.err method calls is unwanted |
| A6 | UMC.SYSOUT | Debug print using System.out method calls is unwanted |
| A7 | SV.PASSWD.HC.EMPTY | Empty Password |
| A7 | SV.PASSWD.PLAIN | Plain-text Password |
| A7 | SV.RANDOM | Use of insecure Random number generator |
| A10 | SV.EMAIL | Unchecked e-mail |
| A10 | SV.HTTP_SPLIT | HTTP Response Splitting |
| A10 | SV.LOG_FORGING | Log Forging |
| A10 | SV.TAINT | Tainted data |
| A10 | SV.TAINT_NATIVE | Tainted data goes to native code |
| A10 | SV.XPATH | Unvalidated user input is used as an XPath expression |